Location: PHPKode > projects > Tinbox > accountadmin/users.php
<?php
//Administration of course administrators


//handle submitted data
switch($submit)
        {
        case "Update":
                echo "<h1>Result - Update Users</h1>";
                if ($username!="" && $useridx!="" && $useremail!="")
                        {
                        if ($useridx=="0") //new
                                {
                                $useridx=md5(uniqid(rand()));
                                $sql = "insert into admin_users( idx ,name , email, access_co ) values ( '".$useridx."', '".$username."', '".$useremail."', '1' )";
                                if(mysql_query($sql))
                                        echo "<span class=\"succ\">Success</span> - Account ".$username." added";
                                else
                                        echo "<span class=\"fail\">Error</span> - Failed to update database";

                                }
                        else //edit
                                {
                                $sql = "update admin_users set name='".$username."', email='".$useremail."' where idx='".$useridx."' limit 1";
                                if(mysql_query($sql))
                                        echo "<span class=\"succ\">Success</span> - Account ".$username." updated";
                                else
                                        echo "<span class=\"fail\">Error</span> - Failed to update database";
                                }
                        }
                else
                        {
                        echo "<span class=\"fail\">Failed</span> - All fields not completed";
                        }
                echo "<hr>";
                break;
        }

if($pswdset && isset($useridx))
        {
        $sql = "select name, email from admin_users where idx='".$idx."' or idx='".$useridx."' order by access_ac limit 2";
        $result=mysql_query($sql);
        $row = mysql_fetch_object($result);
        $useremail=$row->email;
        $username=$row->name;

        if($pswdset=="clear")
                $userpsw="";
        else
                $userpsw=strtr(strtolower(substr($username, 0, 4)).(string)rand(100000,999999)," ","*");
        $sql = "update admin_users set psw='".$userpsw."' where idx='".$useridx."' limit 1";
        if(mysql_query($sql))
                {
                echo "<span class=\"succ\">Success</span> - User ".$username.", ".$pswdset." password.";
                        if($pswdset=="set")
                                {
                                //mail
                                echo " The password has been mailed to ".$useremail;
                                $row = mysql_fetch_object($result);
                                $mail_sender=$row->email;
                                $mail_from=$row->name;
                                require(PPATH.INCLUDES."mailheader.php");
                                mail($useremail, BRAND_NAME." Password " ,"Your course administrators password is <b>".$userpsw."</b><br><br><br>** This is an automated message. **",$mailheader);
                                }
                }
        else
                {
                echo "<span class=\"fail\">Error</span> - Failed to ".$pswdset." password";
                }

        echo "<hr>";
        }

echo "<h1>Course Administrators</h1>";

$sql = "select idx, psw, name, email from admin_users where access_co='1' order by name";
$result = mysql_query($sql);
if(mysql_num_rows($result))
        {
        echo "<table class=\"tabular\" border=\"0\" align=\"center\" cellpadding=\"0\" cellspacing=\"0\" width=\"98%\">";
        echo "<tr><th>Name</th><th>Email</th><th>Accounts</th><th>Students</th><th>Groups</th><th>Active</th><th></th><th colspan=\"3                                           \">Password</th></tr>";
        while($row = mysql_fetch_object($result))
                {
                echo "<tr>";
                echo "<td>".$row->name."</td>";
                echo "<td>".$row->email."</td>";
                $sql = "select count(*) as cnt_accounts from account_main where admin_idx='".$row->idx."'";
                $row2 = mysql_fetch_object(mysql_query($sql));
                echo "<td>".$row2->cnt_accounts."</td>";
                $sql = "select count(*) as cnt_students from account_main ac, account_students st where ac.admin_idx='".$row->idx."' and ac.idx=st.account_idx";
                $row2 = mysql_fetch_object(mysql_query($sql));
                echo "<td>".$row2->cnt_students."</td>";
                $sql = "select count(*) as cnt_groups from account_main ac, account_groups gr where ac.admin_idx='".$row->idx."' and ac.idx=gr.account_idx";
                $row2 = mysql_fetch_object(mysql_query($sql));
                echo "<td>".$row2->cnt_groups."</td>";
                $sql = "select count(*) as cnt_active from account_main ac, account_groups gr, class_main cl, class_schedule sc where ac.admin_idx='".$row->idx."' and ac.idx=gr.account_idx and gr.idx=cl.group_idx and cl.idx=sc.class_idx and sc.active='1'";
                $row2 = mysql_fetch_object(mysql_query($sql));
                echo "<td>".$row2->cnt_active."</td>";
                echo "<td><a href=\"#edituser\" onClick=\"setuser('".$row->idx."')\">edit</a></td>";
                echo "<td>".($row->psw?"YES":"NO")."</td>";
                echo "<td><a href=\"javascript:setpassword('".$row->idx."','".strtr($row->name,"'","`")."', 'set')\" >set/reset</a></td>";
                echo "<td><a href=\"javascript:setpassword('".$row->idx."','".strtr($row->name,"'","`")."', 'clear')\" >clear</a></td>";
                echo "</tr>";
                }
        echo "</table>";
        }
//add/edit user
echo "<h2><a name=\"edituser\">Add/Edit User</a></h2>";
echo "<form name=\"userform\" method=\"post\" action=\"\"><table class=\"tabular\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"50%\"><tr>";
echo "<th>Select</th><th>Name</th><th>Email<th></th></tr><tr>";
echo "<td><select name=\"useridx\" onChange=\"readuser()\"><option value=\"0\">--- New ---</option>";
$sql = "select idx, name from admin_users where access_co='1' order by name";
$result = mysql_query($sql);
while ($row = mysql_fetch_object($result))
        echo "<option value=\"".$row->idx."\"> Edit ".$row->name."</option>";
echo "<td><input type=\"text\" name=\"username\" size=25 maxlength=50></td>";
echo "<td><input type=\"text\" name=\"useremail\" size=25 maxlength=50></td>";
echo "<td><input type=\"submit\" name=\"submit\" value=\"Update\" onclick=\"return confirm('Are you sure you want to continue')\" title=\"add\edit user\"></td>";
echo "</tr></table><input type=\"hidden\" name=\"userpsw\" value=\"\"><input type=\"hidden\" name=\"idx\" value=\"".$idx."\"><input type=\"hidden\" name=\"menu\" value=\"".$menu."\"></form>";


//password reset form
echo "<form name=\"passform\" method=\"post\" action=\"\"><input type=\"hidden\" name=\"idx\" value=\"".$idx."\"><input type=\"hidden\" name=\"useridx\" value=\"".$useridx."\"><input type=\"hidden\" name=\"menu\" value=\"".$menu."\"><input type=\"hidden\" name=\"pswdset\" value=\"\"><input type=\"hidden\" name=\"username\" value=\"\"></form>";

?>

<script type="text/javascript" language="javascript">

function readuser()
{
var idx=document.userform.useridx.options[document.userform.useridx.selectedIndex].value;
if (idx==0)
        clearuser();
else
        setuser(idx);
}

function clearuser()
{
document.userform.username.value="";
document.userform.useremail.value="";
}

function setuser(idx)
{
var name=new Array();
var email=new Array();

<?php
$sql = "select idx, name, email from admin_users where access_co='1' order by name";
$result = mysql_query($sql);
while ($row = mysql_fetch_object($result))
        {
        echo "name[\"".$row->idx."\"] = \"".$row->name."\";\n";
        echo "email[\"".$row->idx."\"] = \"".$row->email."\";\n";
        }
?>
document.userform.useridx.value=idx;
document.userform.username.value=name[idx];
document.userform.useremail.value=email[idx];

}


function setpassword(idx,name,action)
{
var message = "Are you sure you want to "+action+" the password for "+name;
if(confirm(message))
        {
        document.passform.useridx.value=idx;
        document.passform.username.value=name;
        document.passform.pswdset.value=action;
        document.passform.submit();
        }
}

</script>
Return current item: Tinbox